Connectivity Requirements

Overview

Full details of all required network/firewall rules for AppsAnywhere are detailed below.

Further information is available by request to AppsAnywhere Support or as part of an AppsAnywhere Implementation.

For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.

Firewall Rules

The following tables detail the connectivity required, grouped according to the origin of the network traffic.

All traffic is bi-directional

Internal Destinations should be amended to match internal servers and services.

There is no requirement to configure firewall rules on AppsAnywhere servers.

AppsAnywhere

Inbound Traffic (Internal and External)

Sources	Internal Destination	Port	Usage
Client Devices	appsanywhere.uni.edu	443 TCP	User access to AppsAnywhere (e.g. via a load balancer)

Inbound Traffic (Internal)

It is recommended that access for Analytics users is provisioned on an internal network only.

Sources	Internal Destination	Port	Usage
Client Devices	analytics.uni.edu	9999 TCP	User access to Analytics A direct connection to the server DNS is recommended Retrieving content to be embedded into AppsAnywhere Analytics user interface and is required from all Analytics Viewer/Explorer (end user) devices (note: this is only the named Analytics Viewers/Explorers users and not all users of AppsAnywhere). It is recommended that access is only available on the internal network.
AppsAnywhere	analytics.uni.edu	19999 TCP	Authorizing sessions for AppsAnywhere Analytics and pulling data on behalf of AppsAnywhere Analytics UI and is only required from the AppsAnywhere Servers
AppsAnywhere01	appsanywhere02.uni.edu	80 TCP	Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers
AppsAnywhere01	appsanywhere03.uni.edu	80 TCP	Transfer of AppsAnywhere Client installers from other internal AppsAnywhere servers
Jump Host	appsanywhere01.uni.edu	22 TCP	SSH access for administration (usually via a Windows jump host)
Jump Host	appsanywhere02.uni.edu	22 TCP	SSH access for administration (usually via a Windows jump host)
Jump Host	appsanywhere03.uni.edu	22 TCP	SSH access for administration (usually via a Windows jump host)
Jump Host	analytics.uni.edu	22 TCP	AppsAnywhere remote support for installation, configuration and upgrades

Outbound Traffic (Internal)

Sources	Internal Destination	Port	Usage
AppsAnywhere	MSSQL.uni.edu	1433 TCP	Connection to your SQL database
AppsAnywhere	MSSQL.uni.edu	1434 UDP	Connection to your SQL database, if using dynamic ports
AppsAnywhere	AD.uni.edu	636 TCP	Connection via LDAPS to Active Directory
AppsAnywhere	AD.uni.edu	88 UDP	Connection via Kerberos to Active Directory
AppsAnywhere02	appsanywhere01.uni.edu	80 TCP	Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers
AppsAnywhere03	appsanywhere01.uni.edu	80 TCP	Transfer of AppsAnywhere Client installers to other internal AppsAnywhere servers
AppsAnywhere	cloudpaging.uni.edu	443 TCP	Connection to your Cloudpaging service (if applicable)
AppsAnywhere	parallels.uni.edu	443 TCP	Connection to the Parallels RAS service (if applicable)
AppsAnywhere	analytics.uni.edu	19999 TCP	Connection to the Analytics Appliance
AppsAnywhere	myfileshare.uni.edu	445 TCP	AppsAnywhere Service access to the Secure Download UNC path
Analytics	MSSQL.uni.edu	1433 TCP	Connection to the SQL database
Analytics	MSSQL.uni.edu	1433 UDP	Connection to the SQL database

Outbound Traffic (External)

Source	Port	Usage
AppsAnywhere	123 UDP	CentOS (Chrony) Time Service
AppsAnywhere	80 TCP	Icon Library and CentOS updates
AppsAnywhere	443 TCP	APIs, libraries and CentOS updates
AppsAnywhere	587 TCP	Email alerts via SMTP
Analytics	123 UDP	CentOS (Chrony) Time Service
Analytics	443 TCP	Appliance ACC, Daily License Check and CentOS updates
Analytics	80 TCP	CentOS updates
Analytics	587 TCP	Email alerts via SMTP

External Destinations

The following table provides detailed information for all the outbound destinations that AppsAnywhere requires access to during normal operation.

Source	External Destination	Port	Usage
AppsAnywhere	0.centos.pool.ntp.org	123 UDP	CentOS Time Service
AppsAnywhere	1.centos.pool.ntp.org	123 UDP	CentOS Time Service
AppsAnywhere	2.centos.pool.ntp.org	123 UDP	CentOS Time Service
AppsAnywhere	3.centos.pool.ntp.org	123 UDP	CentOS Time Service
AppsAnywhere	api.appsanywhere.com	80 TCP	Icon Library
AppsAnywhere	api.software2.com	443 TCP	AppsAnywhere Server Registration
AppsAnywhere	b12228822d08f4925072-e23aef5ecad0f6168507017a4f5869f1.ssl.cf3.rackcdn.com	443 TCP	AppsAnywhere Icon Library
AppsAnywhere	mirrorlist.centos.org Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrorlist.centos.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the CentOS mirror list.	80 TCP	CentOS Update Repository
AppsAnywhere	cdn.remirepo.net Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from rpms.remirepo.net and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Remi mirror list.	80 TCP	CentOS Update Repository
AppsAnywhere	mirrors.fedoraproject.org Allowing outbound connections to this mirror list address is not enough to allow system updates to be downloaded. This is because the system update process initially downloads a list of available software mirrors from mirrors.fedoraproject.org and then selects one of mirrors depending on the fastest to respond. We recommend allowing outbound connections to all mirrors listed on the Fedora mirror list.	443 TCP	CentOS Update Repository
AppsAnywhere	rpms.remirepo.net	443 TCP	CentOS Update Repository
AppsAnywhere	packages.microsoft.com	443 TCP	CentOS Update Repository
AppsAnywhere	rpm.nodesource.com ADDED 2.11	443 TCP	Node.js Update Repository
AppsAnywhere	appsanywhereresources.blob.core.windows.net	443 TCP	Appliance Configuration Console
AppsAnywhere	1bdb4cc9b0722bc205a377fabbc4511a62a47f7610ad5c7c4e62.ssl.cf3.rackcdn.com	443 TCP	Client Management
AppsAnywhere	*.s2public.blob.core.windows.net	443 TCP	Client Management
AppsAnywhere	software2-public.azureedge.net	443 TCP	Patch Management
AppsAnywhere	ajax.googleapis.com	443 TCP	jQuery & Google Fonts
AppsAnywhere	github.com	443 TCP	Other AppsAnywhere libraries
AppsAnywhere	smtp.sendgrid.net	587 TCP	Email alerts via SMTP
Analytics Server	0.centos.pool.ntp.org	123 UDP	CentOS Time Service
Analytics Server	1.centos.pool.ntp.org	123 UDP	CentOS Time Service
Analytics Server	2.centos.pool.ntp.org	123 UDP	CentOS Time Service
Analytics Server	3.centos.pool.ntp.org	123 UDP	CentOS Time Service
Analytics Server	mirrorlist.centos.org	80 TCP	CentOS Update Repository
Analytics Server	cdn.remirepo.net	80 TCP	CentOS Update Repository
Analytics Server	rpms.remirepo.net	443 TCP	CentOS Update Repository
AppsAnywhere	mirrors.fedoraproject.org	443 TCP	CentOS Update Repository
Analytics Server	s2public.blob.core.windows.net	443 TCP	ACC Updates
Analytics Server	software2-public.azureedge.net	443 TCP	ACC Updates
Analytics Server	bitbucket.org	443 TCP	Analytics model and ML updates used by reports and the reporting schema
Analytics Server	license.looker.com	443 TCP	Daily heartbeat to licensing server
Analytics Server	smtp.sendgrid.net	587 TCP	Email alerts via SMTP

Cloudpaging

Inbound Traffic (Internal and External)

Sources	Internal Destination	Port	Usage
Client Devices	paging01.uni.edu	80 TCP	User access to the Paging Service

Inbound Traffic (Internal)

Sources	Internal Destination	Port	Usage
AppsAnywhere	cloudpaging01.uni.edu	443 TCP	AppsAnywhere access to the Cloudpaging Admin Service via a load balancer

Parallels RAS

For Parallels RAS, please refer to Parallels RAS 19 Administrator's Guide - Port reference.